I often get questions about the real differences between what Cisco defines as an end-to-end VLAN model and a local VLAN model. I think part of the confusion is that very few organizations actually use a large-scale end-to-end VLAN model these days, so few can relate to how it might work. I wanted to take a minute to clear up the two campus VLAN architecture types for everyone’s benefit.
In the end-to-end VLAN model, VLANs are trunked across the entire organization, campus, or building – regardless of where end hosts are physically located. The VLANs are strictly based on function with little or no regard for where the hosts may be at any given time. That means all switches contain all VLANs. Obviously this becomes difficult to maintain at scale, which is why VTP is often used in conjunction with the end-to-end VLAN model. Simply add or modify a VLAN on a VTP server switch and the change is automatically propagated. Of course VTP adds more risk to the mix, but that’s another topic.
Perhaps the biggest benefit of an end-to-end architecture is that any user can get access to their resources from any switch. If a VMPS server is deployed, a user can plug into any switch port and will automatically be assigned to their correct “home” VLAN. Sounds good, right?
There are some serious drawbacks though. First, end-to-end VLANs are very difficult to maintain across large networks. If you are not running VTP server or client mode on all of your switches, then every switch must be configured with the correct VLAN assignments manually. And what happens when it comes time to troubleshoot an issue and you have hundreds of switches to comb through? Managing this type of environment is difficult, but just as concerning is the performance trade-off. If every VLAN is stretched across every switch, that means they must also cross the distribution and core of your network. All of the broadcast traffic on all VLANs then must also traverse the core, which can lead to serious performance problems.
The main reason I see end-to-end VLANs still used in some organizations is for application requirements. Some apps require all hosts to be on the same segment – regardless of physical location. If this is the case, some VLANs may have to be stretched in an end-to-end fashion.
The local VLAN model is more based around geographical proximity than it is around universal accessibility. In this approach, VLANs are local to a block of switches and never extend all of the way to the core. Instead, they rely on a hierarchical switch structure to terminate the layer two boundaries. For example, you may have VLAN 100 used for “first floor workstation connectivity”. There may be more than one switch that supports the first floor, but they will all be somewhat close. More importantly, all of them will connect to the same pair of distribution layer switches which will act as the default gateway for the local VLAN segments. From there packets are routed to the core using layer three protocols, not layer two VLANs.
[Figure: Switching of local VLANs at the access layer; routing at the distribution and core.]
A local VLAN configuration means simplified VLAN troubleshooting and fewer spanning tree design considerations. Performance is also improved with SVIs on the distribution switches – creating smaller broadcast domains.
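As an added illustration of the local VLAN model described above (not configuration from the original post), here is a minimal Cisco IOS pair: an access switch that carries only its local VLAN up to the distribution switch, and a distribution switch whose SVI is the default gateway and whose uplink to the core is a routed port, so no VLAN ever reaches the core. Hostnames, interface numbers and addresses are assumptions; VTP is set to transparent on both switches so that a change on one switch cannot propagate across the campus.

```cisco
! ===== Access switch (first-floor closet) - hostname is an assumption =====
hostname ACC-1F-1
! Transparent mode: no VTP server/client risk, VLANs defined locally only
vtp mode transparent
!
vlan 100
 name FIRST_FLOOR_WORKSTATIONS
!
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
!
interface GigabitEthernet1/0/49
 description Uplink to DIST-1
 ! older Catalyst platforms also need: switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 ! prune the trunk to the one local VLAN; nothing else is carried upstream
 switchport trunk allowed vlan 100
!
! ===== Distribution switch - hostname, interfaces, addresses assumed =====
hostname DIST-1
ip routing
vtp mode transparent
!
vlan 100
 name FIRST_FLOOR_WORKSTATIONS
!
interface GigabitEthernet1/0/1
 description Trunk to ACC-1F-1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 100
!
! The SVI is the Layer 2 boundary and the default gateway for VLAN 100
interface Vlan100
 description First-floor workstation gateway
 ip address 10.1.100.1 255.255.255.0
!
! Routed (no switchport) uplink: the core sees a /30, never VLAN 100
interface TenGigabitEthernet1/1/1
 description Routed uplink to CORE-1
 no switchport
 ip address 10.0.0.1 255.255.255.252
!
router ospf 1
 network 10.1.100.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.3 area 0
```

To confirm the boundary holds, `show interfaces trunk` on either switch should list only VLAN 100 as allowed and active on the trunk, and `show ip interface brief` on the distribution switch should show the core-facing interface as a routed port with no VLAN membership.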
There are few drawbacks to the local VLAN model. If you are used to VTP automating and propagating your VLAN changes, then it might become a more manual process. That said, the overall management overhead required is still reduced when compared to a large-scale end-to-end VLAN deployment.
Hopefully this is helpful for those of you just getting into VLAN design and architecture. Many people would argue that these labels don’t mean much anymore, but if you’re studying for the CCNP SWITCH exam, you will need to understand the distinctions and features of both models.